| 1 |
diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth |
| 2 |
--- smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth 1970-01-01 01:00:00.000000000 +0100 |
| 3 |
+++ smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth 2013-10-23 21:31:24.000000000 +0200 |
| 4 |
@@ -0,0 +1,5 @@ |
| 5 |
+{ |
| 6 |
+ $OUT .= " AddExternalGroup ugroup /usr/lib/httpd/modules/unixgroup\n"; |
| 7 |
+ $OUT .= " SetExternalGroupMethod ugroup environment\n"; |
| 8 |
+} |
| 9 |
+ |
| 10 |
diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost |
| 11 |
--- smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost 2013-10-23 21:23:18.000000000 +0200 |
| 12 |
+++ smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost 2013-10-23 21:36:05.000000000 +0200 |
| 13 |
@@ -4,51 +4,9 @@ |
| 14 |
unless $status eq 'enabled'; |
| 15 |
|
| 16 |
$OUT = ""; |
| 17 |
- my $allow = 'all'; |
| 18 |
- my $pass = '0'; |
| 19 |
- my $satisfy = 'all'; |
| 20 |
- my $name = $phpvirtualbox{'Name'} || 'phpvirtualbox'; |
| 21 |
+ my $satisfy = 'all'; |
| 22 |
+ my $name = $phpvirtualbox{'Name'} || 'phpvirtualbox'; |
| 23 |
|
| 24 |
- for ('exit-if-none') |
| 25 |
- { |
| 26 |
- if ($phpvirtualbox{'PublicAccess'}) |
| 27 |
- { |
| 28 |
- if ($phpvirtualbox{'PublicAccess'} eq 'none') |
| 29 |
- { |
| 30 |
- next; |
| 31 |
- } |
| 32 |
- elsif ($phpvirtualbox{'PublicAccess'} eq 'local') |
| 33 |
- { |
| 34 |
- $allow = $localAccess; |
| 35 |
- $pass = 0; |
| 36 |
- $satisfy = 'all'; |
| 37 |
- } |
| 38 |
- elsif ($phpvirtualbox{'PublicAccess'} eq 'local-pw') |
| 39 |
- { |
| 40 |
- $allow = $localAccess; |
| 41 |
- $pass = 1; |
| 42 |
- $satisfy = 'all'; |
| 43 |
- } |
| 44 |
- elsif ($phpvirtualbox{'PublicAccess'} eq 'global') |
| 45 |
- { |
| 46 |
- $allow = 'all'; |
| 47 |
- $pass = 0; |
| 48 |
- $satisfy = 'all'; |
| 49 |
- } |
| 50 |
- elsif ($phpvirtualbox{'PublicAccess'} eq 'global-pw') |
| 51 |
- { |
| 52 |
- $allow = 'all'; |
| 53 |
- $pass = 1; |
| 54 |
- $satisfy = 'all'; |
| 55 |
- } |
| 56 |
- elsif ($phpvirtualbox{'PublicAccess'} eq 'global-pw-remote') |
| 57 |
- { |
| 58 |
- $allow = $localAccess; |
| 59 |
- $pass = 1; |
| 60 |
- $satisfy = 'any'; |
| 61 |
- } |
| 62 |
- } |
| 63 |
- |
| 64 |
$OUT .= "#------------------------------------------------------------\n"; |
| 65 |
$OUT .= "# phpvirtualbox - $name\n"; |
| 66 |
$OUT .= "#------------------------------------------------------------\n"; |
| 67 |
@@ -57,27 +15,30 @@ |
| 68 |
if ((exists $phpvirtualbox{'URL'}) && ($phpvirtualbox{'URL'} ne '')) |
| 69 |
{ $OUT .= "Alias /$phpvirtualbox{'URL'} /opt/phpvirtualbox\n"; } |
| 70 |
} |
| 71 |
- |
| 72 |
+ { |
| 73 |
$OUT .= "Alias /phpvirtualbox /opt/phpvirtualbox\n"; |
| 74 |
|
| 75 |
$OUT .= "\n"; |
| 76 |
$OUT .= "<Directory /opt/phpvirtualbox>\n"; |
| 77 |
+ $OUT .= " SSLRequireSSL\n"; |
| 78 |
$OUT .= " order deny,allow\n"; |
| 79 |
$OUT .= " deny from all\n"; |
| 80 |
- $OUT .= " allow from $allow\n"; |
| 81 |
+ $OUT .= " allow from $localAccess\n"; |
| 82 |
$OUT .= " php_admin_value upload_tmp_dir /tmp\n"; |
| 83 |
|
| 84 |
- if ($pass) |
| 85 |
- { |
| 86 |
$OUT .= " AuthName \"$name\"\n"; |
| 87 |
$OUT .= " AuthType Basic\n"; |
| 88 |
$OUT .= " AuthExternal pwauth\n"; |
| 89 |
- $OUT .= " require valid-user\n"; |
| 90 |
+ $OUT .= " GroupExternal ugroup\n"; |
| 91 |
+ $OUT .= " AuthzUserAuthoritative off\n"; |
| 92 |
+ $OUT .= " require user $phpvirtualbox{'User'}\n"; |
| 93 |
+ $OUT .= " require group $phpvirtualbox{'Group'}\n"; |
| 94 |
$OUT .= " Satisfy $satisfy\n"; |
| 95 |
- } |
| 96 |
+ |
| 97 |
$OUT .= " AddType application/x-httpd-php .php\n"; |
| 98 |
$OUT .= " php_admin_value open_basedir /opt/phpvirtualbox\n"; |
| 99 |
$OUT .= " php_admin_value eaccelerator.enable 1\n"; |
| 100 |
$OUT .= "</Directory>\n"; |
| 101 |
} |
| 102 |
} |
| 103 |
+ |
| 104 |
diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/usr/lib/httpd/modules/unixgroup smeserver-phpvirtualbox-4.3.0/root/usr/lib/httpd/modules/unixgroup |
| 105 |
--- smeserver-phpvirtualbox-4.3.0-old/root/usr/lib/httpd/modules/unixgroup 1970-01-01 01:00:00.000000000 +0100 |
| 106 |
+++ smeserver-phpvirtualbox-4.3.0/root/usr/lib/httpd/modules/unixgroup 2013-10-23 21:33:29.000000000 +0200 |
| 107 |
@@ -0,0 +1,69 @@ |
| 108 |
+#!/usr/bin/perl |
| 109 |
+# |
| 110 |
+# This is a group authenticator for use with mod_auth_external using the |
| 111 |
+# "environment" argument passing method. If you are using mod_authnz_external, |
| 112 |
+# then a much better choice is to use mod_authz_unixgroup for group checking. |
| 113 |
+# It checks if the Unix user ID passed in the USER environment variable is in |
| 114 |
+# any of Unix groups (names or numbers) listed in the GROUP environment |
| 115 |
+# variable. It returns |
| 116 |
+# 0 - if the user is in one of the groups |
| 117 |
+# 1 - if the user is not in any of the groups |
| 118 |
+# 2 - if the user does not exist. |
| 119 |
+# |
| 120 |
+# This isn't a very efficient way to do group checking. I hope to find time |
| 121 |
+# to do something better someday. |
| 122 |
+# |
| 123 |
+# Typical Usage: |
| 124 |
+# In httpd.conf declare an pwauth authenticator and a unixgroup authenticator: |
| 125 |
+# |
| 126 |
+# AddExternalAuth pwauth /path/to/pwauth |
| 127 |
+# SetExternalAuthMethod pwauth pipe |
| 128 |
+# AddExternalGroup unixgroup /path/to/unixgroup |
| 129 |
+# SetExternalGroupMethod unixgroup environment |
| 130 |
+# |
| 131 |
+# In .htaccess file do something like |
| 132 |
+# |
| 133 |
+# AuthType Basic |
| 134 |
+# AuthName SystemName |
| 135 |
+# AuthExternal pwauth |
| 136 |
+# GroupExternal unixgroup |
| 137 |
+# require group customers admins staff |
| 138 |
+# |
| 139 |
+# Here "SystemName" is a string that will be included in the pop-up login |
| 140 |
+# box, all Unix groupnames which are to be allowed to login are listed on the |
| 141 |
+# "require group" command. If you are using this with mod_authnz_external, |
| 142 |
+# you'll need to add the directive "AuthBasicProvider external", but if you are |
| 143 |
+# using mod_authnz_external, you should be using mod_authz_unixgroup instead |
| 144 |
+# of this. |
| 145 |
+ |
| 146 |
+# Get primary GID number for the user |
| 147 |
+$user= $ENV{USER}; |
| 148 |
+$gid= (getpwnam($user))[3]; |
| 149 |
+exit 2 if !defined $gid; # user does not exist - Reject |
| 150 |
+ |
| 151 |
+# Loop through groups |
| 152 |
+foreach $group (split ' ', $ENV{GROUP}) |
| 153 |
+{ |
| 154 |
+ if ($group =~ /^\d+$/) |
| 155 |
+ { |
| 156 |
+ # Group given as GID number |
| 157 |
+ exit 0 if ($group == $gid); |
| 158 |
+ # Get list of members |
| 159 |
+ $members= (getgrgid($group))[3]; |
| 160 |
+ } |
| 161 |
+ else |
| 162 |
+ { |
| 163 |
+ # Group given by name |
| 164 |
+ ($gname, $x, $ggid, $members)= getgrnam($group); |
| 165 |
+ next if !$gname; # skip non-existant group |
| 166 |
+ exit 0 if ($ggid == $gid); |
| 167 |
+ } |
| 168 |
+ |
| 169 |
+ # Check if user is in member list |
| 170 |
+ foreach $mem (split ' ',$members) |
| 171 |
+ { |
| 172 |
+ exit 0 if ($user eq $mem); |
| 173 |
+ } |
| 174 |
+} |
| 175 |
+ |
| 176 |
+exit 1; |
Parent Directory
| 
Revision Log
| 
Revision Graph
